office-malware-analyzer
Community
Deep Office malware analysis for documents.
Author: chenchunrun
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Automatically analyzes Office documents (Word, Excel, PowerPoint, WPS, OneNote) to identify malicious features such as VBA/XLM macros, DDE, template injections, and embedded payloads, enabling faster threat triage and containment.
Core Features & Use Cases
- VBA macro analysis with deobfuscation and VBA stomping detection.
- OOXML/ODF/RTF analysis for external links, embedded objects, DDE, EPS, and CVE indicators.
- IOC extraction including URLs, IPs, and domains, with risk scoring and MITRE ATT&CK mapping.
- Use Case: A security team processes a batch of Office documents to generate detailed risk reports and actionable indicators for incident response.
Quick Start
Run the Office malware analyzer on a suspicious document to generate a comprehensive report.
Dependency Matrix
Required Modules
- oletools
- yara-python
- XLMMacroDeobfuscator
Components
- scripts
- references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: office-malware-analyzer
Download link: https://github.com/chenchunrun/onyx-soc/archive/main.zip#office-malware-analyzer
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.